Millions of IoT devices affected by TCP/IP flaws

by | December 11, 2020 | Cybersecurity News

Researchers discover new vulnerabilities that affect millions of routers, IoT and OT devices from more than 150 vendors.

A warning was issued by researchers and the U.S. Cybersecurity Infrastructure Security Agency about several vulnerabilities affecting the TCP/IP stacks. Millions of internet-of-things devices and embedded systems are affected. 

Security researchers called these vulnerabilities Amnesia:33, based on the number of issues found and the fact that they mostly affect the device’s memory. Four of them are critical and facilitate a wide range of attacks, like:

  • remote code execution
  • information leak
  • denial of service
  • memory corruption 

Researchers have previously found other TCP/IP issues, with related vulnerability sets Ripple20 and Urgent/11. Amnesia:33 affects multiple TCP/IP stacks that are not owned by a single company, making these vulnerabilities hard to patch. For protection, experts recommend disabling or blocking IPv6 traffic when unnecessary, relying on internal DNS servers as much as possible, and monitoring network packages for corrupted packets.

Check the source.

Read More

by Dan Florian

Product owner and co-founder of ATTACK Simulator. Dan likes to code, is passionate about design, and loves running and swimming.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.